
Re: Suggestion for pgAgent

From: Dave Page <dpage(at)pgadmin(dot)org>
To: Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at>
Cc: pgadmin-hackers(at)postgresql(dot)org
Subject: Re: Suggestion for pgAgent
Date: 2009-11-17 18:15:32
Message-ID: 937d27e10911171015u4067ab8fjaf415207ed159a1c@mail.gmail.com
Lists: pgadmin-hackers
On Tue, Nov 17, 2009 at 7:50 AM, Albe Laurenz <laurenz(dot)albe(at)wien(dot)gv(dot)at> wrote:
>> Sure, it's definitely an option - provided it can be done in a secure
>> way. Want to work on it?
>
> I should be able to change pgAgent accordingly, but I am not an
> accomplished GUI programmer and have no experience with wxWidgets,
> so I don't want to promise that I can do the necessary modifications
> in pgAdmin.

We can help with that. It should be fairly trivial from a GUI perspective.

> Can you think of any security concerns?

Privilege escalation. Currently, pgAgent relies on the security of the
schema to prevent unauthorised users from creating jobs that run as
the pgagent operating system user (typically 'postgres'). If you leave
that as-is, and just allow a connection username to be specified, we
shouldn't have a problem, but if the schema is opened up to allow
users to schedule jobs by default, then there's potentially a big
issue.

On further thought though - why can't you just set the target database
of the step to be 'remote' and then specify a connection string with a
specified username?

-- 
Dave Page
EnterpriseDB UK: http://www.enterprisedb.com
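
The schema-level protection described in the message above can be checked with a catalog query. This is an added example, not part of the original message or of pgAgent itself; it assumes the standard pgAgent catalog (schema `pgagent` with tables `pga_job`, `pga_jobstep` and `pga_schedule`) and is meant to be run in the database where pgAgent is installed.

```sql
-- Added example: list non-superuser roles that are able to create or
-- modify pgAgent jobs. Any row returned is a role that could schedule a
-- step which the agent then runs as its operating system user.
-- Assumption: standard pgAgent object names (pgagent.pga_job, etc.).
SELECT r.rolname,
       t.tbl                                        AS pgagent_table,
       has_table_privilege(r.oid, t.tbl, 'INSERT')  AS can_insert,
       has_table_privilege(r.oid, t.tbl, 'UPDATE')  AS can_update
FROM pg_roles AS r
CROSS JOIN (VALUES ('pgagent.pga_job'),
                   ('pgagent.pga_jobstep'),
                   ('pgagent.pga_schedule')) AS t(tbl)
WHERE NOT r.rolsuper
  -- Table privileges are only usable together with USAGE on the schema.
  AND has_schema_privilege(r.oid, 'pgagent', 'USAGE')
  AND (has_table_privilege(r.oid, t.tbl, 'INSERT')
       OR has_table_privilege(r.oid, t.tbl, 'UPDATE'))
ORDER BY r.rolname, t.tbl;
```

The privilege functions take grants to PUBLIC and inherited role memberships into account, so an empty result means only superusers can define jobs.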
